Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-41734 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. | 4.3 |
| 2024-08-13 | CVE-2024-42373 | Missing Authorization vulnerability in SAP Student Life Cycle Management SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. | 5.4 |
| 2024-08-13 | CVE-2024-28166 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420 SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. | 4.3 |
| 2024-08-13 | CVE-2024-33003 | Unspecified vulnerability in SAP Commerce Cloud Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. | 9.1 |
| 2024-08-13 | CVE-2024-33005 | Missing Authorization vulnerability in SAP products Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. | 6.3 |
| 2024-08-13 | CVE-2024-41730 | Missing Authorization vulnerability in SAP Business Objects Business Intelligence Platform Enterprise430/Enterprise440 In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. | 9.8 |
| 2024-08-13 | CVE-2024-41731 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420 SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. | 4.3 |
| 2024-08-13 | CVE-2024-41732 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. | 5.4 |
| 2024-08-13 | CVE-2024-41733 | Unspecified vulnerability in SAP Commerce Comcloud2211/Hycom2205 In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. | 5.3 |
| 2024-08-13 | CVE-2024-41735 | Cross-site Scripting vulnerability in SAP Commerce Backoffice Hycom2205 SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application. | 5.4 |